ML22075A324

From kanterella
Jump to navigation Jump to search
Enclosure 1 - Report to Congress on the Security Inspection Program for Operating Commercial Power Reactors and Category I Fuel Cycle Facilities: Results and Status Update - Publicly Available
ML22075A324
Person / Time
Issue date: 06/17/2022
From:
Office of Nuclear Security and Incident Response
To:
References
CORR-22-0054
Download: ML22075A324 (20)
v  d  e


Text

Report to Congress on the Security Inspection Program for Operating Commercial Power Reactors and Category I Fuel Cycle Facilities:

Results and Status Update Annual Report for Calendar Year 2021 U.S. Nuclear Regulatory Commission Office of Nuclear Security and Incident Response Washington, DC 20555-0001 Enclosure 1

ABSTRACT This report fulfills the requirements of Section 170D.e of the Atomic Energy Act of 1954 (42 U.S.C. §2210 d(e)), as amended, which states, not less often than once each year, the Commission shall submit to the Committee on Environment and Public Works of the Senate and the Committee on Energy and Commerce of the House of Representatives a report, in classified form and unclassified form, that describes the results of each security response evaluation conducted and any relevant corrective action taken by a licensee during the previous year.

Additionally, Section 170D.a of the Atomic Energy Act of 1954 (42 U.S.C. §2210 d(a)), as amended, grants the U.S. Nuclear Regulatory Commission (NRC) the authority to determine which licensed facilities must undergo these security evaluations. The NRC is reporting the security response evaluation results for the Nations fleet of operating commercial nuclear power plants (NPPs) and Category I (CAT I) fuel cycle facilities, given the significance of the nature, form, and quantity of nuclear material at these facilities. With respect to NPPs, the scope of this report includes those undergoing decommissioning but not yet transitioned to a dry-storage independent spent fuel storage installation due to the continued implementation of Title 10 of the Code of Federal Regulations Part 73, Physical Protection of Plants and Materials. This report includes a comprehensive overview of the combined results of the security programs for calendar year (CY) 2021. To aid in understanding the context of how the NRC conducts evaluations, this report also provides a description of relevant security programs, including: Reactor Oversight Process (ROP), Security Baseline Inspection Program for NPPs, a force-on-force (FOF) evaluation description, and CAT I Fuel Cycle Facility Security Oversight Program.

Paperwork Reduction Act Statement NUREG-1885, Revision 15, Report to Congress on the Security Inspection Program for Commercial Power Reactors and Category I Fuel Cycle Facilities: Results and Status Update, does not contain information collection requirements and, therefore, is not subject to the requirements of the Paperwork Reduction Act of 1995 (44 U.S.C. §3501 et seq.).

Public Protection Notification The NRC may not conduct nor sponsor, and a person is not required to respond to, a request for information or an information collection requirement unless the requesting document displays a currently valid Office of Management and Budget control number.

ii

CONTENTS ABSTRACT ............................................................................................................................... ii

1. EXECUTIVE

SUMMARY

...................................................................................................... 1

2. SECURITY OVERSIGHT FOR COMMERCIAL POWER REACTORS ................................. 3
3. CALENDAR YEAR 2021 NUCLEAR POWER PLANT INSPECTION RESULTS .................. 5
4. CATEGORY I FUEL CYCLE FACILITY SECURITY OVERSIGHT PROGRAM .................... 6 4.1 Category I Fuel Cycle Facility Oversight Process Framework....................................... 6 4.2 Calendary Year 2021 Inspection Results...................................................................... 7
5. FORCE-ON-FORCE EVALUATIONS.................................................................................... 8 5.1 Overview ....................................................................................................................... 8 5.2 Background ................................................................................................................... 8 5.3 Program Activities for 2021 ........................................................................................... 9 5.4 Force-On-Force Evaluation Results............................................................................. 10
6. OVERALL SECURITY INSPECTION RESULTS FOR 2021 ............................................... 13 6.1 Overview ..................................................................................................................... 13 6.2 Inspection Results ....................................................................................................... 13
7. CONCLUSION .................................................................................................................... 16 APPENDIX: List of Acronyms................................................................................................. 17 iii
1. EXECUTIVE

SUMMARY

Conducting FOF inspections and implementing the security inspection program are two signature regulatory activities the NRC performs to ensure the secure and safe use of radioactive and nuclear materials by the commercial nuclear power industry and at CAT I fuel cycle facilities. CY 2021 was dynamic and challenging for the NRC and its regulated entities because of the continued impact of the coronavirus disease 2019 (COVID-19) variants and the ongoing public health emergency (PHE). The NRC took appropriate measures to balance the needs of the program and the need to keep NRC and licensee staff safe while also applying the NRCs Principles of Good Regulation (independence, openness, efficiency, clarity, and reliability) in performing its safety and security mission.

Despite the far-reaching impacts of the COVID-19 PHE, the NRC implemented innovative strategies to carry out risk-informed, performance-based oversight of the licensee physical protection programs while minimizing the risk for spreading the virus. These strategies included the use of remote inspections to augment onsite inspection activities and continuous monitoring and tracking of site-specific and local area COVID-19 conditions to inform decisions regarding conducting onsite inspections. In CY 2021, the NRC performed 176 security inspections to assess the multifaceted security programs licensees implement to protect and defend their sites. This is a slightly higher number than 162 inspections completed in CY 2020.

For CY 2021, there were a total of 66 inspection findings in the security baseline inspection program. Approximately 98 percent of the findings were assessed as very low safety significance. The Official Use Only - Security-Related Information version of this report (Enclosure 2) contains specific details on the inspection findings. Overall, the NRC saw a similar number in the total number of inspection findings in CY 2021 when compared to CY 2020. This represents a stabilization of a downward trend in findings observed in previous years; the NRC continues to monitor and evaluate trends to identify any potential influences, including from the COVID-19 PHE. While many changes to both licensee and NRC programs were enacted to mitigate risks associated with COVID-19, NRC inspections did not show degradation in the performance of licensee physical and cybersecurity programs. Furthermore, because the impacts of COVID-19 continued into CY 2021, the NRC used lessons learned and best practices from CY 2020 to establish modified inspection approaches for security oversight as the Nation continues its recovery trajectory.

NRC Approach to Force-on-More broadly, the NRC continues to assess opportunities to risk-inform and modernize its Force Inspections in 2021 security oversight program to help ensure the FOF inspections serve as a capstone evaluation of health of licensee security programs to provide licensees ability to use their security resources to for reasonable assurance of adequate detect, assess, and respond, in an integrated fashion, protection of public health and safety and the to a threat. In CY 2021, 19 sites were scheduled for common defense and security. an NRC-conducted FOF inspection. Twelve NPP sites were inspected using a modified FOF inspection In CY 2022, the NRC will continue to advance procedure that emphasized safety protocols related efforts targeted at increasing realism in the FOF to COVID-19 mitigation and used the minimum program. The agency will also incorporate the number of personnel from both the licensee and NRC cybersecurity inspection program into the ROP staff during the FOF exercise. There was one FOF for power reactor licensees and will implement inspection at a CAT I fuel cycle facility in CY 2021.

routine oversight of licensee cybersecurity programs. Finally, the NRC will continue its The six remaining NPP sites were inspected using important mission of monitoring the threat limited-scope tactical response drills based on site-directed toward NPPs and CAT I fuel cycle specific COVID-19 hardship conditions, since facilities to communicate time-sensitive COVID-19 conditions prevented the use of the information and assess the need for any modified FOF procedure. This inspection approach changes to the design-basis threat (DBT) was developed in CY 2020 to allow key elements of applicable to these facilities.

the sites physical protection strategy to be tested in a manner that mitigated the risk of COVID-19 transmission. The procedure included the use of tabletop exercises, limited-scope tactical response drills, and site walkdowns. While some well-established elements associated with the routine FOF inspections were not able to be used (i.e., full security force participation, determination of an outcome associated with the exercise, and use of an NRC-vetted mock adversary force and NRC-owned laser engagement simulated weapons systems), this approach allowed the NRC to verify some key aspects of licensee protective strategies and security responder performance and ensure confidence in licensees security posture.

2. SECURITY OVERSIGHT FOR COMMERCIAL POWER REACTORS Reactor Oversight Process Framework The NRC maintains regulatory oversight of safeguards and security programs for 93 power reactors located at 55 sites in 28 States across the country. The ROP 1 is the NRC's process to 0F inspect, measure, and assess the safety and security performance of an NPP licensee and to respond to any decline in their performance. The ROP is anchored in the NRC's mission to provide reasonable assurance of adequate protection of public health and safety and to promote the common defense and security and to protect the environment. The ROP encompasses three key strategic performance areas and measures NPP performance in seven specific cornerstones and in three cross-cutting areas as shown in Figure 2.

Figure 2: Reactor Oversight Framework The NRC evaluates NPP performance by analyzing two distinct inputs: inspection findings resulting from the NRC's inspection programs and performance indicators (PIs) reported by the licensees. The staff uses the NRCs baseline security significance determination processes (SDP) to evaluate security inspection-related findings and determine the significance of security program deficiencies 2 as shown in Figure 3. The staff uses the process for an initial screening 1F to identify inspection findings that would not significantly increase risk and thus do not need to be further analyzed. Remaining inspection findings are then subject to a more thorough risk assessment to determine whether further regulatory action is warranted. Similarly, each PI is measured against the ROP criteria using a color-coded system for performance. 3 2F Figure 3: Assessing Significance within the Reactor Oversight Program Based on the use of the SDP to assess licensee performance, the NRC determines the appropriate level of agency response, including supplemental inspection and pertinent 1 Additional details regarding the ROP can be found on the NRCs public website:

https://www.nrc.gov/reactors/operating/oversight/rop-description.html.

2 The SDP for nuclear power reactors uses risk insights, where appropriate, to help the NRC to determine the significance of inspection findings. These findings include both programmatic and process deficiencies.

3 Publicly available PI data is posted at https://www.nrc.gov/reactors/operating/oversight/pi-summary.html.

regulatory actions. Information regarding security findings is included in the NRCs action matrix 4 and is identified in the publicly available Action Matrix Summary as either very low 3F significance (i.e., green), or of greater significance (i.e., white, yellow, or red) which is presented in a different color (i.e., blue) to reflect greater-than-green significance. 5 4F The NRC's enforcement jurisdiction is derived from the Atomic Energy Act of 1954, as amended, and the Energy Reorganization Act of 1974, as amended. The enforcement program has two goals: (1) compliance with regulatory requirements, and (2) prompt and comprehensive identification as well as correction of violations. When violations are identified through the conduct of inspections and investigations, the NRC uses three primary enforcement sanctions:

notices of violation (NOVs), civil penalties, and orders. NOVs and civil penalties are issued based on violations. Orders may be issued for violations or, in the absence of a violation, because of a public health or safety issue.

The traditional enforcement process is used in conjunction with the ROP SDP for violations that resulted in actual security consequences, affected the ability of the NRC to perform its regulatory oversight function, or were deliberate in nature. Traditional enforcement includes four severity levels (SLs) that demonstrate the relative importance of the violation:

  • SL I violations are those that resulted in, or could have resulted in, serious safety or security consequences;
  • SL II violations are those that resulted in, or could have resulted in, significant safety or security consequences;
  • SL III violations are those that resulted in, or could have resulted in, moderate safety or security consequences; and
  • SL IV violations are those that are less serious but are of more-than-minor concern, that resulted in no or relatively inappreciable potential safety or security consequences.

4 The action matrix identifies the range of NRC and licensee actions and the appropriate level of communication for different levels of licensee performance. Information on the action matrix is provided in Inspection Manual Chapter 0305, Section 10, ROP Action Matrix, dated November 4, 2020. The current action matrix is posted at https://www.nrc.gov/reactors/operating/oversight/actionmatrix-summary.html.

5 Staff Requirements Memorandum for SECY-04-0191, Withholding Sensitive Unclassified Information Concerning Nuclear Power Reactors from Public Disclosure, dated November 9, 2004 (Agencywide Documents Access and Management System Accession No. ML043140175) ordered the NRC staff to withhold specific information relating to findings and PIs to ensure that security-related information is not provided to a potential adversary, including not specifying the actual color of greater-than-green security findings.

3. CALENDAR YEAR 2021 NUCLEAR POWER PLANT INSPECTION RESULTS Table 1 summarizes the results of the security baseline inspection program for commercial NPPs in CY 2021. Table 1 indicates that 58 out of 60 security findings at NPPs issued in CY 2021 were of very low security significance (i.e., green or SL IV violations); one was greater-than-green, and one was greater than SL IV. Furthermore, at the end of CY 2021, all licensees reported their security PI was green and, therefore, did not warrant additional NRC inspection.

Table 1: Calendar Year 2021 Security Baseline Inspection Program Summary for Commercial Nuclear Power Reactors Total number of security inspections conducted 166 Total number of inspection findings 60 Distribution of Inspection Findings:

Total number of green findings 52 Total number of greater-than-green findings 1 Total number of SL IV violations 6 Total number of greater-than-SL IV violations 1 Table 2 summarizes the associated findings related to security baseline inspections for commercial nuclear power reactors. The areas with the most inspection findings within the security baseline inspection program are cybersecurity, access control, and access authorization. This is consistent with previous years security baseline inspection results and associated findings.

Table 2: Calendar Year 2021 Security Baseline Inspections and Associated Findings for Commercial Nuclear Power Reactors by Inspection Procedure Number of Number Variance Inspection Procedure Inspection of from Areas Findings CY-2020 01 - Access Authorization 33 2 -4 02 - Access Control 62 14 +3 03 - Contingency Response (FOF)/Inspection Procedure 18 1 +1 92707 04 - Equipment Performance, Testing and Maintenance 28 8 +6 05 - Protective Strategy Evaluation 33 3 0 06 - Protection of Safeguards Information 1 0 0 07 - Security Training 31 0 -3 08 - Fitness-for-Duty Program 22 7 +4 09 - Security Plan Changes 27 0 0 10 - Cybersecurity 7 20 -13 11 - Materials Control and Accounting 18 1 0 14 - Target Set Inspection 19 4 +4 TOTAL: 299* 60 -2

  • Note: Security baseline inspections may involve multiple inspection areas, thus a higher total number.
4. CATEGORY I FUEL CYCLE FACILITY SECURITY OVERSIGHT PROGRAM 4.1 Category I Fuel Cycle Facility Oversight Process Framework The NRC maintains regulatory oversight of safeguards and security programs at two CAT I fuel cycle facilities: BWX Technologies, Inc. (BWXT), located in Lynchburg, Virginia, and Nuclear Fuel Services, Inc., located in Erwin, Tennessee. These facilities manufacture fuel for government reactors and down-blend highly enriched uranium into low-enriched uranium for use in commercial nuclear power reactors. Each CAT I fuel cycle facility is licensed to use and process a formula quantity of strategic special nuclear material. The strategic special nuclear material must be protected against acts of radiological sabotage as well as theft and diversion.

The primary objectives of the CAT I Fuel Cycle Facility Security Oversight Program are to:

  • determine if the fuel cycle facilities are operating safely, securely, and pursuant to the NRCs regulatory requirements and orders issued to fuel cycle facilities to implement compensatory security measures;
  • detect indications of declining safeguards performance;
  • investigate specific safeguards events and weaknesses; and
  • identify generic security issues.

Like the ROP for NPPs, the CAT I fuel cycle facility oversight program includes an inspection program to identify findings, determine their significance, document the results, and assess licensees corrective actions. The CAT I fuel cycle facility security inspection program uses traditional enforcement to assign the appropriate SL based on the significance of the finding as discussed in Section 2 of this report. The core inspection program requires highly enriched uranium-related physical security areas to be inspected annually, biennially, or triennially using established inspection procedures. The results of these inspections contribute to an overall assessment of licensee performance.

The highly enriched uranium inspectable security areas include:

  • access authorization
  • protection of sensitive and
  • access control classified information
  • contingency response
  • target area review
  • equipment performance
  • security training
  • fitness-for-duty
  • transportation security
  • material control and accounting The core inspection program also includes FOF evaluations. In addition, like NPPs, NRC resident inspectors assigned to each CAT I fuel cycle facility provide an onsite NRC presence for direct observation and verification of a licensees ongoing activities. Through the results obtained from all oversight efforts, the NRC determines whether licensees comply with regulatory requirements and can provide adequate protection against the DBT of radiological sabotage and theft or diversion.

4.2 Calendar Year 2021 Inspection Results Table 3 summarizes the overall results of the security inspection program for CAT I fuel cycle facilities during CY 2021. All baseline security findings issued in CY 2021 at CAT I fuel cycle facilities were of very low security significance (i.e., SL IV findings). A majority of SL IV findings at CAT I fuel cycle facilities were attributed to human performance issues during searches and reporting requirement violations. Additional information regarding the inspection findings is provided in Enclosure 2.

Table 3: Calendar Year 2021 Security Inspection Summary for Category I Fuel Cycle Facilities Total number of security inspections conducted 10 Total number of inspection findings 6 Total number of SL IV findings* 6 Total number of greater-than-SL IV findings 0

  • Note: In CY 2021, SL IV findings were identified during access control; equipment performance, testing, and maintenance; and fitness for duty areas of inspections.
5. FORCE-ON-FORCE EVALUATIONS 5.1 Overview FOF inspections include both tabletop drills and performance-based FOF inspection exercises.

These FOF inspection exercises simulate combat between a mock adversary force and a licensees security force. At an NPP, the mock adversary force attempts to reach and simulate damage to significant components of safety-related systems (referred to as target sets) that protect the reactors core or the spent fuel. Compromise of target sets could potentially cause a radioactive release to the environment. The licensees security force, in turn, attempts to interdict the mock adversary force to prevent the adversary from reaching target sets, thus preventing such a release. At a CAT I fuel cycle facility, a similar process is used to assess the effectiveness of a licensees protective strategy capabilities relative to the DBT of radiological sabotage and theft or diversion of strategic special nuclear material.

5.2 Background

Shortly after the PHE declaration in March CY 2020, FOF inspections were temporarily suspended due to the complex nature of the inspections that could create a heightened risk of virus transmission. Specifically, FOF exercises use Inspection Procedure (IP) 71130.03, Contingency Response - Force-on-Force Testing which requires extensive planning, a large number of interdisciplinary participants, and a broad range of activities that require gatherings of both small and large groups (e.g., site walkdowns, meetings, interviews, and tabletop exercises). In addition, some FOF elements involve close quarters interactions using the Multiple Integrated Laser Engagement System (e.g.,

controllers, players, and on-duty staff in a bullet-resistant enclosure). These factors required thorough consideration and mitigation.

In August 2020, NRC resumed inspections using a new special use Inspection Procedure (IP) 92707, Security Inspection of Facilities Impacted by a Local, State, or Federal Emergency Where the NRCs Ability to Conduct Triennial Force-on-Force Exercises is Limited, for limited-scope tactical response drills which allowed key elements of the sites physical protection strategy to be tested in a manner that mitigated the risk of COVID-19 transmission. This IP was used in accordance with Inspection Manual Chapter 2201, Appendix C, Generic, Special, and Infrequent Inspections, to perform prudent inspection activities during the special circumstances associated with the PHE. The IP enabled a limited resumption of onsite, performance-based inspections in August 2020, by using select elements of the routine triennial inspection procedure (e.g., walkdowns, tabletop exercises) and adapting elements to limit the risk of COVID-19 transmission. For example, entrance and exit meetings and safety briefings were held remotely where possible, and an increased acceptance of simulations was applied to reduce close contact conditions. To reduce the number of individuals onsite and further reduce the potential for COVID transmission, limited-scope tactical response drills were used instead of full-scope FOF exercises to assess key elements of the licensee protective strategy, including responder performance. In addition, licensees were able to choose to use site- or fleet-provided MILES equipment and mock adversary forces, rather than the typical NRC-provided MILES equipment and an NRC-approved industry mock adversary force to further reduce the potential for COVID-19 transmission through contact. While these factors presented a shift from the well-established FOF approach used for NPPs, the NRC sought to balance the need for routine licensee demonstrations with the adjustments made due to COVID-19. The use of IP 92707 through the remainder of CY 2020 allowed the NRC to verify some key aspects of licensee protective strategies and security responder performance and ensure confidence in licensees security posture.

In CY 2021, the NRC issued revisions to IP 71130.03 and IP 92707. The revision to IP 71130.03 added Addendum 5, Interim Guidance Related to the Implementation of Inspection Procedure 71130.03, Contingency Response - Force-on-Force Testing, During the COVID-19 PHE. This addendums objective is to balance protecting the health and safety of our inspectors and site personnel from the risk of exposure to COVID-19 with the need to conduct effective oversight that supports NRCs critical safety mission. This addendum would be in effect only when conditions during the COVID-19 PHE permit the use of IP 71130.03. Some of the key attributes of this addendum are that the inspection team should take every effort to reduce time onsite by conducting debriefs, entrance, and exit briefings remotely. For all aspects of the inspection, the inspection team should advise the licensee that only the minimum number of site personnel will be used during the conduct of the exercise (i.e., limited to the number of responders that would have the opportunity to engage adversaries in the exercise scenario).

The revision to IP 92707 was issued based on lessons learned from its implementation in CY 2020, specifically to provide direction when performance issues are identified during the limited-scope tactical response drills. Due to the limited security force participation, an issue identified in a limited-scope drill may not provide enough information to determine whether a performance deficiency exists. To accurately identify if a performance deficiency exists, the inspection team may expand the number of drill samples to gain additional information and insights into those key elements of the protective strategy (e.g., by rotating the existing participants to different positions). The expanded sample will be used to determine if a performance deficiency exists that will be screened in accordance with Inspection Manual Chapter 0612, Appendix B. In cases where a more-than-minor performance deficiency exists, NRC inspectors will utilize the baseline security SDP outlined in Inspection Manual Chapter 0609, Appendix E, Part I to evaluate the significance of the performance deficiency.

The staff developed guidance outlining a process for determining when a hardship condition exists that may preclude the implementation of IP 71130.03. The guidance provides for implementation of limited-scope tactical drills using IP 92707.

5.3 Program Activities for 2021 Program activities in CY 2021 marked the second year of the current 3-year FOF inspection cycle, the sixth one in the history of the program. A total of 17 NRC-conducted FOF inspections were scheduled at NPPs for CY 2021, with an additional inspection at Callaway Plant that was rescheduled from CY 2020 due to COVID-19 conditions at the site, making a total of 18 FOF inspections at NPPs for CY 2021. There was one scheduled FOF inspection at a CAT I fuel cycle facility (BWXT) in CY 2021. During CY 2021 the NRC completed FOF inspections utilizing IP 71130.03 Addendum 5 at 12 NPP sites: Turkey Point, Waterford, Point Beach, Brunswick, Quad Cities, Susquehanna, Columbia, Arkansas Nuclear One, Wolf Creek, Monticello, Grand Gulf, and Callaway. The remaining scheduled FOF inspections were conducted with IP 92707 using limited-scope tactical response drill exercises at six NPP sites: South Texas Project, Shearon Harris, LaSalle, North Anna, Limerick, and Surry.

5.4 Force-on-Force Evaluation Results Pursuant to the FOF SDP, an effective exercise is one in which the licensee demonstrates effective implementation of its protective strategy in accordance with plans approved by the NRC and related implementation procedures, regulatory requirements, or other Commission requirements, such as orders or confirmatory action letters. An indeterminate exercise is one in which the results were significantly skewed by an anomaly or anomalies, resulting in the inability to determine the outcome of the exercise (e.g., site responders neutralize the adversaries using procedures or practices unanticipated by the design of the site protective strategy or in conflict with the training of security personnel to implement the site protective strategy, or significant exercise control failures were experienced, including controller performance failures). A marginal exercise is one in which the licensees performance prevented the loss of a complete target set; however, the sites response force did not neutralize the adversary before the adversary simulated the loss of target set elements. An ineffective exercise is one in which the licensee did not demonstrate effective implementation of its protective strategy in accordance with plans approved by the NRC and related implementation procedures, regulatory requirements, or other Commission requirements, such as orders or confirmatory action letters.

In CY 2021, the NRC completed 18 inspections at commercial power reactors. Of the 18 completed inspections, 12 FOF inspections were completed, with one exercise per inspection in accordance with the revised interim guidance in IP 71130.03 Addendum 5 related to FOF testing during the PHE. The remaining six inspections were completed as limited-scope tactical response drill exercise inspections per IP 92707. One CAT I fuel cycle facility FOF inspection which included two exercises was completed in CY 2021, per IP 96001. Table 4 summarizes the 19 inspections conducted in CY 2021.

Table 4: Calendar Year 2021 Force-on-Force Evaluations Summary Total number of inspections of limited-scope tactical response drill exercises using 6

IP 92707 Total number of FOF inspections conducted with Addendum 5 (one exercise per 12 inspection)

Total number of fully integrated FOF inspections conducted at a CAT I fuel cycle 1

facility The fully integrated triennial FOF exercise conducted at a CAT I fuel cycle facility in CY 2021 was deemed effective. For the FOF inspections conducted at commercial power reactors with IP 71130.03 Addendum 5, Table 5 shows one ineffective and one indeterminate exercise outcome. For the six limited-scope tactical response drills conducted under IP 92707, a complete assessment of the FOF exercise was not possible because the drills were limited in scope and a determination of a licensees overall protective strategy effectiveness could not be made, consistent with the intended use of IP 92707. However, use of IP 92707 provided NRC inspectors the ability to conduct prudent inspection activities while minimizing the risk of COVID-19 transmission.

Table 5: Force-On-Force Exercise Outcomes Total number of limited-scope tactical drill exercises using IP 92707 65F 6 Total number of effective exercises 11 Total number of indeterminate exercises 1 Total number of marginal exercises 0 Total number of ineffective exercises 1 Figure 5 provides a summary of FOF inspection findings from 2015 through 2021. While the figure shows a declining number of inspection findings in the FOF program overall, the number of ineffective exercises has remained at a frequency of about once per year (or once per 20 inspections). The trend of decreasing FOF-related findings can be attributed to the licensees security programs becoming more mature and the NRC inspection teams increasingly taking a risk-informed approach to conducting inspections. This can be attributed, in part, to IP 71130.03 with Addendum 5 COVID-19 measures which limited the time of inspectors onsite to a minimum and reduced the overall inspection by one exercise. Another potential impact on the number of findings is IP 92707s reduced scope, complexity, and duration compared to the full FOF exercises conducted under IP 71130.03. During IP 92707 inspections, the inspection team did not evaluate the licensees command and control element (i.e., alarm stations, security shift supervisors) or use of security monitoring equipment, such as intrusion detection systems, cameras, or other devices.

6 Inspections conducted using IP 92707 were not assigned an exercise outcome.

Figure 5: Total Force-on-Force Findings Issued by Level of Significance

6. OVERALL SECURITY INSPECTION RESULTS FOR 2021 6.1 Overview In CY 2021, the NRC performed 176 security inspections at operating commercial NPPs and CAT I fuel cycle facilities (including FOF inspections). This was an 8-percent increase in the number of total security inspections compared to the previous CY. The increase is attributed to the deferment of 2020 biennial baseline inspections into 2021. The CY 2021 inspections resulted in a total of 66 findings, a similar outcome of the number of findings in CY 2020. The NRC issued revised ROP guidance in response to the COVID-19 PHE and implemented both onsite and remote inspection activities. While there is no single reason for the ongoing reduction in violations, potential contributing factors include changes to inspection approaches, reduced time onsite, reduced number of NPPs due to some sites moving to decommissioning, and the increasing maturity of licensee security programs.

6.2 Inspection Results Table 6 summarizes the overall results of the NRCs security inspection program at operating NPPs and CAT I fuel cycle facilities during CY 2021, including FOF inspections (see Figure 6).

Table 5 indicates that 64 out of 66 security inspection findings issued in CY 2021 were of very low security significance (i.e., the combined green and SL IV violations); one finding was greater-than-green and one finding was greater than SL IV. This information gives an overview of licensee performance within the security cornerstone. The Official Use Only -

Security-Related Information version of this report (Enclosure 2) contains additional details on each finding.

Table 6: Security Inspection Results for 2021 176 Total number of security inspections conducted 66 Total number of inspection findings 52 Total number of green findings 1 Total number of greater-than-green findings 12 Total number of SL IV violations 1 Total number of greater-than-SL IV violations Figure 6: Summary of Security Inspection Program Results for Calendar Year 2021 As shown in Figure 7, the decline in security inspection findings observed in CY 2021 is consistent with the declining trend observed in previous years. However, the NRC continues to monitor and evaluate trends to identify any potential influences from COVID-19 or ROP inspection guidance issued during the PHE.

Figure 7: Number of Security Inspections (2015-2021)

7. CONCLUSION The NRC remains focused on the mission of protecting public health and safety and has applied risk insights and the use of technology to perform oversight activities during the COVID-19 PHE.

As 2022 progresses, the staff continues to balance the measures taken to mitigate the risks of COVID-19 with efforts to increase onsite presence and reinstate more comprehensive performance-based activities, including full-scope FOF inspections.

The NRC has a long history of evaluating the ROP and its effectiveness to enact continuous improvement, and the security oversight program is no exception. In addition to tailoring inspection procedures to focus on licensee processes and programs to maintain a healthy security posture, the NRC actively monitors the threat environment to assess the need to communicate advisory information to licensees or to consider changes to the DBT. The NRC also maintains frequent engagement with Federal counterparts, the intelligence community, and law enforcement to maintain the agencys understanding of the evolving security landscape and to facilitate prompt screening and follow-up for suspicious activity reports and events. This enables the NRC to provide security oversight to help ensure that licensee programs are focused on protecting their sites in a dynamic environment.

As evidenced in this report, sustained performance has been demonstrated in NPP and CAT I fuel cycle security during CY 2021. Sites employ defense-in-depth strategies to protect against terrorism and radiological sabotage, including well-trained security forces, robust physical barriers, intrusion detection systems, surveillance systems, and plant access controls. The NRC oversight continues to probe for any vulnerabilities or deficiencies in site protective strategies and programs and takes prompt action where identified. In addition, kinetic assessment methods, such as FOF inspections, continue to provide performance-based insights regarding licensee readiness to defend their sites.

Report to Congress on the Security Inspection Program for Operating Commercial Power Reactors and Category 1 Fuel Cycle Facilities:

Results and Status Update List of Acronyms - Enclosure 1 BWXT BWX Technologies, Inc.

CAT I Category I COVID-19 coronavirus disease 2019 CY calendar year DBT design-basis threat FOF force-on-force NOV notice of violation NPP nuclear power plant NRC U.S. Nuclear Regulatory Commission PHE public health emergency PI performance indicators ROP reactor oversight process SDP significance determination process SL security level

Retrieved from "https://kanterella.com/w/index.php?title=ML22075A324&oldid=3448052"